Windows has always had a troubled relationship with security. As the most popular desktop operating system, it’s frequently the target of all sorts of weird and wonderful attacks which, to Microsoft’s credit, they’ve done their best to combat. However, it’s hard to forget the numerous missteps along the way, like the abhorrent User Account Control system which, in its default state, did little to improve security and just added another level of frustration for users. However, if the features coming from the technical preview of Windows 10 are anything to go by, Microsoft might finally be making big boy steps towards improving security on their flagship OS.
Whilst there are numerous third-party solutions for two-factor authentication on Windows, like smartcards or tokens, the OS itself has never had that capability natively. This means that for the vast majority of Windows users this heightened security mode has been unavailable. Windows 10 brings with it the Next Generation Credentials service, which gives users (both consumer and corporate) the ability to enrol a device to function as a second factor for authentication. The larger mechanics of how this works are still being worked out; however, the application has a PIN which would prevent unauthorized access to the code, ensuring that losing your device doesn’t mean someone automatically gains access to your Windows login. Considering this kind of technology has been freely available for years (hell, my World of Warcraft characters have had it for years), it’s good to see it finally making its way into Windows as native functionality.
There are also extensive customization abilities available thanks to Microsoft adopting the FIDO Alliance standard rather than developing their own proprietary solution. In addition to the traditional code-generation two-factor auth, you can also use your smartphone as a sort of smartcard, with it being automatically recognised when brought next to a Bluetooth-enabled PC. This opens up the possibility for your phone to be a second factor for a whole range of services and products that currently make use of Microsoft technology, like Active Directory integrated applications. Whilst some might lament that possibility, the fact that it’s based on open standards means that such functionality won’t be limited to the Microsoft family of products.
Microsoft has also announced a whole suite of better security features, many of which have been third-party products for the better part of a decade. Encryption is now available for the open and save dialogs natively within the Windows APIs, allowing developers to easily integrate encryption functionality into their applications. This comes hand in hand with controls around which applications can access said encrypted data, ensuring that data handling measures can’t be circumvented by using non-standard applications. Device lockdown is also now natively supported, eliminating the need for other device access control software like Lumension (which, if you’ve worked with it, you will likely be thankful for).
It might not be the sexiest thing to be happening in Windows 10, but it’s by far one of the more important. As Windows is the de facto platform for many people, increases in its security are very much welcome, and hopefully this will lead to a much more secure computing world for us all. These measures aren’t a silver bullet by any stretch of the imagination, but they’ll go a long way to making Windows far more secure than it has been in the past.